Slashdot Mirror
SF Admin Gives Up Keys To Hijacked City Network
snydeq writes "Jailed IT admin Terry Childs relinquished his hold over San Francisco's multimillion-dollar FiberWAN, handing his administrative passwords over to San Francisco Mayor Gavin Newsom, who was 'the only person he felt he could trust.' Childs is still being held on $5 million bail for his lockout of the city's FiberWAN, a case that has been called into question since an insider came forward with details about both the network and Childs himself. The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN. Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion. The Department of Telecom and IS has cut 200 of its 350 IT positions since 2000 — pressure that may have contributed to Childs' actions, according to interviews with current and former DTIS staffers. Newsom secured the passwords without first telling the DTIS that he was meeting with Childs."
From my viewpoint, it appears that Mr. Childs wasn't so much a malevolent person as much as he was paranoid and protective. We've all met this admin before. He won't give you any rights that you may need to do your job because you could screw "his computers". I'm not saying what he did was right or legal but he may not be the white cat stroking, maniacally-laughing villain that the initial news reports made him to be.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I just love the way people judge others they will never meet from tabloid tidbits.
I'm not saying I agree with his methods but we have no idea what really went on here
and if we're talking about 200 IT jobs lost in the last eight years and security
being a joke this guy might end up a hero...and for any of you young goofballs out there
with ass cherry jokes, your pot smoking will more likely get you there...this guy will
be playing tennis and knitting at the very worse...
I just wish we could have proof of age on the Net so we didn't have to tolerate
the "anonymous effect".
Cheers.
End of Line.
He's probably hoping for whistleblower protection, and intends to show that he was being terminated wrongfully for threatening to blow the whistle.
It may be a desperation move, but until the facts come out, we don't know. If it turns out that he was being terminated wrongfully, it's possible that the city of SF could be forced to keep him on their payroll... on the other hand, I'd speculate that he's grasping at straws.
I've read some about the "situation", and all I think all we know for certain is that we don't know anything for certain yet.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I agree completely.
There seems to be a lot more going on here than what we see.
The conspiracy side of me thinks that there's something fishy going on in the department. He found out and got fired because of it. Except he acted fast and hijacked the network. Hence why he only gave the password to the mayor...
I suspect "unauthorized" in this context might well mean "Childs".
It's not unheard of to have dialup access to a network device, in case you're locked out from the network facing side; I don't know if someone who is as, apparently, paranoid as Childs is would give them self such a fall back though.
Yeah, I had a sig once; I got bored of it.
Reading a lot of comments about him being a nut job. My question is - what if he isn't? Is it possible that as a administrator of a SAN/Network, he saw some significant security issues, and when he presented them to his supervisors was slammed for reporting the problem -- including being fired? I know from experience the feeling: Management does not like to know that they've screwed up, and will fight kicking and screaming rather that admit that they've done something wrong. For me -- most recently this includes bogus Business Requirements, and critical Business Requirements that are not being met. I've found significant security holes in the where I currently work. Presented the problems to management. The response - don't call use, we'll call you.
What was the point of holding back for so long now. Now he just lost the last hope for his negotiation.
Or, he wasn't holding back in order to negotiate, but because he wanted to get the opportunity to tell all of his grievances to the one person who he thought might have the power and wherewithal to "fix" the situation. From reading about the motions that his lawyers have filed in court, it seems that Childs is willing to risk going to jail just to be able to publicize the hard time he's been having at work for the past couple of years. In fact, he might have willingly accepted or even pursued the prospect of prosecution because he knew that he would then have a public forum to air his views, and possibly embarrass his bosses (which, despite their best efforts, he has).
It'd be interesting to know the length and characters involved in the passwords. And if it would have been possible to brute force them (within reasonable time)or use rainbow tables. I'm guessing maybe not.
The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN.
Mr. Paranoid Admin with a God complex had big freakin' huge vulnerabilities on his precious network?
It sounds to me like Mr. Paranoid Admin was so paranoid that people had started to do what they tend to do when Mr. Paranoid Admin is so paranoid they can't get anything they need done.
They'd started to work around him.
Net result: All sorts of little unauthorised connections popping up.
In being too paranoid, you wind up creating exactly the situation you fear the most: a network with lots of uncontrolled, unknown systems appearing creating security holes where none previously existed. Doesn't matter how many fancy "no unauthorised access" features your infrastructure has, sooner or later someone's going to succeed in working around them. The last thing you need to do is give them an incentive.
If this is the case, he really messed up. He dealt with it in completely the wrong way. Now he is in jail and at the mercy of the conspirators. What he should've done is left a way to maintain access to the computer... And leaked what ever they were doing using wikileaks. He probably acted in the heat of the moment and let the adrenalin do the thinking.
The more I read about this story, the more it reminds me of "The Fountainhead". This lone, brilliant man fighting the mediocrity of committees and less achieved managers. The government is NO place for a person like this. He'd be much better off running his own company with no bosses.
-- these are only opinions and they might not be mine.
The last story indicated he was eavesdropping on their network activity. That's how he knew to lock the network down before they came to fire him. He probably has PLENTY of dirt on the dirtbags. He probably not only gave the password to the mayor, but also the key to an encrypted file somewhere that will totally fsck all those people who are chasing Childs. This sounds like the tip of an iceberg to me :-)
Let's try this one instead:
You're responsible for maintaining a nuclear reactor. Your manager, who has no idea how to actually runs the reactor comes in and demands to be given all of the necessary keys and passwords to the reactor. The reactor is currently working flawlessly, and there is no obvious reason for your manager to need access to the system.
Do you:
A. realize that this could be very bad for the company, and protect the company by refusing to turn over access to an unqualified person?
B. turn over access to the access to an unqualified person, and just hope that they don't do anything which results in anyone's death, or your working 16hr shifts for the next 3 months straight.
I would argue that choosing "B" could be criminally negligent, and that A is the better choice, however, he should also immediately go to HR and explain why he's violating the order.
In this particular case, he might've saved the city of San Francisco millions of dollars in lost productivity from someone getting access who had no clue what they were doing.
Build it, and they will come^Hplain.
First off, the "case called into question since an insider came forward" bit is bunk. I read the insider's article - there was NOTHING in there that justified what Childs did. Hell, quotes from the article include "Ultimately he has no one to blame but himself" and "As for Terry's character, I can imagine this happening. He takes great personal and professional pride in his work -- to a fault. He can be very defensive if someone suggests there's something wrong with the way his network is set up, and that's been a problem for us (as his customer) a couple of times. Terry has a bad temper."
Second, this man is in no way justified in what he did. Threatening the infrastructure of a city (especially one as large as SF) is inexcusable. If you have problems with the management, you go to a newspaper. If you think the management is criminal, you call the local prosecutor's office. You don't hold up critical government functions. Yes, the management should have taken steps before now to ensure Childs wasn't the only one with access to the network. Childs' response was that of a spoiled, immature brat who doesn't comprehend that administration != ownership. He deserves jailtime - and if you don't think so, ask any SF government employee who might not have gotten a paycheck, or any courthouse that might have had to postpone hearings.
How many laws have you violated when it suited your purpose? I'd be willing to bet you do it a lot more often than a public person like a Mayor.
It's simple: I demand prosecution for torture.
Don't think much of yourself, do you ?
If I was working on designing and building a network, and I had it all up and running perfectly, should I destroy it because my boss tells me he has a better way ? What if I was a db admin who had already implemented a whole organisations internet requirements using (my|postgre)sql when a retarded buzzword compliant boss decided I should use access instead ? Should I delete everything and re-implement using access, or should I keep what I've done and start again separately with the access, so that when it all falls to shit I haven't lost anything ?
It's hard to implement two network designs concurrently, so it becomes one or the other. Why suffer the complete waste of time involved by starting again for the sake of a damn fool manager ? Better to hold out for as long as you can, so that there is a chance of getting the correct solution adopted. If they want to sack you for NOT doing something detrimental to the system, then that's their own stupid fault. If you do it their way and get fired anyway (because their way doesn't work), what have you gained ?
This guy wasn't holding anybody to ransom, making extortionate demands of his employers, or killing fluffy kittens. All he has done is refuse to give the keys to someone else's Ferrari (which he is ultimately responsible for) to a 14 year old crackhead joyrider.
This seems to me to highlight the difference between good employees and time wasters. A good employee will always have the interests of the employer at heart, and will assume ownership of problems using those interests as a basis for operation. A time waster turns up every day, does their "job" to the letter, no more, but frequently less. They don't care about the end product or the delivery of such. They just do the hours and take the money.
I know which camp I fall into, as I am used to being an employer and an employee. If I give someone a job, I would prefer they did it intelligently to achieve the best result as outlined in the requirements, not just do what I tell them, because if I have to tell you what is required for every little nuance, then I may as well have done the job myself.
Would you really just hand over the keys to a system that you spent years building, to someone who outranks you but has no idea of the power contained in having access to those keys ? For all you know they might leave the passwords on a post-it note on their monitor.
Final point - the civilian sector is NOT the army. You don't HAVE to comply with idiots above you, grow a pair and stand up for what's right. If you ARE right, then nothing too bad will happen. If you bend over for anybody with a title then you might get a title in the future, but at the cost of having any respect, self or otherwise. While it is only a movie, Crimson Tide demonstrates the principle quite well.
This reminds me of the man who got sent back to jail because the parole dept of SF didn't like that he overpowered a home invader and shot the invader's partner in self-defense, since parolees can't have posession of a handgun. Sigh.
In God we trust, all others require data.
Are you suggesting that people who are pro-gun are automatically anti-gay?
Seems to work that way. However the reality is that a large number of you'all, seem willing to write off other people's freedoms (both those that are and those that should be) just to be able to protect yourself if the government decides to start treating you the way that you allow it to treat others.
The grass is only greener, if you don't take care of your own lawn.
I'm sorry, but What Terry Childs did was the exact opposite of integrity. In trying to defend his special little toy, he has thrown away any claims to professionalism, integrity, or maturity.
If he's right--and he may well be; if his managers are ALL massively incompetent, then he has a number actions to choose from. He can try to reason with his managers, go above their heads, or eventually walk away from the job. That's right, if you can't do your job properly in any given environment, and you can't change the environment legitimately, then your responsibility is to leave, not secretly change the locks.
Hey, my manager is incompetent too!* Why don't I hack into the security system and disable his card access? After all, it'll make things better!
There are so many assumptions required here;
1) Terry Childs is telling the truth about his situation
2) He is correct in his assessment of it
3) He has pursued all possible options
4) He is skilled at communication (a surprisingly large number of 'incompetents' come around when things are explained to them properly)
5)
*Disclaimer: My manager is actually very competent, and a good guy to work for. This example for illustrative purposes only. Offer void where prohibited.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Look at the comments from Dana Hom (former COO of DTIS) on this Wired story. http://blog.wired.com/27bstroke6/2008/07/former-san-fran.html He adds some insight into how the SF government operates and convinces me that this guy is getting railroaded. It reminds me of a fired sysadmin that we had to investigate for "hacking" when all he was doing was changing permissions on his folder structure. Suddenly the PHB didn't have access to other users folders on the network and assumed there was something malicious going on.
Let me diagram my post for you.
The D.C. law said you couldn't have handguns. The courts said this law violated the constitution. The constitution wins, you get guns.
The California law said gay people couldn't get married. The courts said this violated the constitution. The constitution wins, I get to get married.
I'm just pointing out that we could just stop being bitter and enjoy our freedoms. Really, it was kind of a light and frothy post.
# (/.);;
- : float -> float -> float =
No, he's a nutjob because the person he believes is the only one he can trust in the whole city is a politician. What's Newsom going to do? Allow Network Admins to adopt their FiberWANs?
He's an overworked, underappreciated guy who is flipping out in the style that only Network and Sys Admins can. He believed that his domain was more than just some routers and lit-up fiber to service a bunch of people who won't even think about what it does for them.
So, he has the enable password and now he's made them sweat it. Truth be told, they deserve it, but he should have taken his ass and gotten it out of working for the government a long time ago. Nothing more masochistic than working directly for a government if you actually want to feel you are going to make any sort of difference whatsoever.
He's suffering from delusions of being a savior, but what is he saving - the Network from the evil managers? So who the hell cares if the network breaks? He can get them to rehire him as an overpaid consultant at 150 bucks an hour to fix it. He was supposedly well-regarded in the department, so he'd probably have a lot of traction to make that kind of move.
That's how you show them, by making them pay and pay and pay for being idiots. And if he really cares about the city, he can make a donation or something from his newfound riches. Eventually, they will hire some cost-cutter who will tell them that they can outsource to India, but first they need to learn to write documentation and generate backups. And they will listen, because consultants always have credibility, because why else would you be paying them millions?
All he's doing is fucking up his own life and it won't make a bit of difference one way or another. He might be a superb admin, but he's just as dumb as his managers otherwise.